Quiz on API Security

Test your understanding of the concepts related to security in API design.

Question 9

Consider a situation where a company utilizes API keys to grant access to its API’s endpoints. When making calls to the API, they decide to send the key embedded in the URL instead of the header of the request because it’s easier to use. Is this new method secure?

Your Answer: A) Yes

Correct Answer: B) No

Explanation

The key should be put in the HTTP Authorization header and not the URL. URLs are public entities, and if API keys are embedded in them (in plaintext without encryption), there is a high chance that they will get leaked. Therefore, the new method that the company employs is not secure.
